Macquarie University
01whole.pdf (611.6 kB)
Download file

Adaptation of information flow concepts in a capability-based functional language

Download (611.6 kB)
posted on 2022-08-16, 03:01 authored by Cameron John Pappas

The average cost of a data breach in 2019 was estimated at $3.92 million USD. Some of these breaches were caused through the exploitation of software vulnerabilities. Analysis indicates information leaks are the third most common of these vulnerabilities. Information leaks are caused when data flows violate a security policy. Leaks can be identified by information flow analysis, which tracks how data flows through a program to protect sensitive data. Static, dynamic and hybrid approaches exist, tagging data or locations with security levels. Typically these approaches are external to the core language, provided through libraries and tools. In this thesis we explore core language mechanisms as a means to enforce a security policy that prevents the declassification of data, language-wide. Leveraging the type system, we encode security levels and simultaneously enforce the policy. We introduce an existing security-focused, functional language, Cooma, which uses capabilities to represent permissions and side-effects. By default, Cooma programs have no capabilities so users must explicitly provide them at run-time. Embedding information flow analysis in Cooma’s type system, we present CoomaIF. We prove well-typed CoomaIF programs don’t violate our security policy and demonstrate the security guarantees CoomaIF provides.


Table of Contents

1 Introduction -- 2 Background -- 3 An introduction to Cooma -- 4 Information flow concepts in Cooma -- 5 Evaluation -- 6 Conclusion -- References


A thesis submitted to Macquarie University in partial fulfilment of the degree of Master of Research

Awarding Institution

Macquarie University

Degree Type

Thesis MRes


Thesis (MRes), Macquarie University, Faculty of Science and Engineering, 2020

Department, Centre or School

Department of Computing

Year of Award


Principal Supervisor

Anthony Sloane

Additional Supervisor 1

Annabelle McIver


Copyright: Cameron John Pappas Copyright disclaimer:




61 pages

Usage metrics

    Macquarie University Theses